FKIE_CVE-2025-12943

Vulnerability from fkie_nvd - Published: 2025-11-11 17:15 - Updated: 2025-12-08 14:29
Severity ?
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the device. Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update to the latest. Fixed in: RAX30 firmware 1.0.14.108 or later. RAXE300 firmware 1.0.9.82 or later
References
a2826606-91e7-4eb6-899e-8484bd4575d5https://kb.netgear.com/000070355/NETGEAR-Security-Advisories-November-2025Vendor Advisory
a2826606-91e7-4eb6-899e-8484bd4575d5https://www.netgear.com/support/product/rax30Product
a2826606-91e7-4eb6-899e-8484bd4575d5https://www.netgear.com/support/product/raxe300Product
Impacted products
Vendor Product Version
netgear rax30_firmware *
netgear rax30 -
netgear raxe300_firmware *
netgear raxe300 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE447F48-3725-4BF7-A83F-A3C36549F60D",
              "versionEndExcluding": "1.0.14.108",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBC92B49-60E0-4554-BE7F-D2B5D6EF6454",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:raxe300_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B7657D-2C55-4C4C-AC18-DF2B0961C06C",
              "versionEndExcluding": "1.0.9.82",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:raxe300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3BE955-696E-41D6-B281-1473EC803803",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper certificate\nvalidation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream\nAX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band\nWiFi 6E Router) allows attackers with the ability to intercept and\ntamper traffic destined to the device to execute arbitrary commands on the\ndevice.\n\nDevices\nwith automatic updates enabled may already have this patch applied. If not,\nplease check the firmware version and update to the\nlatest.\n\n\n\nFixed in:\n\n\n\nRAX30 firmware\n1.0.14.108 or later.\n\n\n\nRAXE300 firmware\n1.0.9.82 or later"
    }
  ],
  "id": "CVE-2025-12943",
  "lastModified": "2025-12-08T14:29:40.323",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NO",
          "Recovery": "USER",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "ADJACENT",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.2,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "UNREPORTED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "AMBER",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "DIFFUSE",
          "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Amber",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "LOW"
        },
        "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-11-11T17:15:39.410",
  "references": [
    {
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000070355/NETGEAR-Security-Advisories-November-2025"
    },
    {
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "tags": [
        "Product"
      ],
      "url": "https://www.netgear.com/support/product/rax30"
    },
    {
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "tags": [
        "Product"
      ],
      "url": "https://www.netgear.com/support/product/raxe300"
    }
  ],
  "sourceIdentifier": "a2826606-91e7-4eb6-899e-8484bd4575d5",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.